rpm/0001-Forward-port-obsoleted-crypto-needed-by-current-libd.patch

From 9a9514e665c30554a4d72c7c79475af315b83dc3 Mon Sep 17 00:00:00 2001
Message-Id: <9a9514e665c30554a4d72c7c79475af315b83dc3.1683531413.git.pmatilai@redhat.com>
From: Panu Matilainen <pmatilai@redhat.com>
Date: Mon, 8 May 2023 09:26:46 +0300
Subject: [PATCH] Forward-port obsoleted crypto needed by current libdnf

Provide the minimum required bits to allow the old PackageKit-inherited
signature in libdnf to work until the switch to dnf5 happens, allegedly
during this release cycle.
---
 include/rpm/rpmkeyring.h |  4 ++++
 include/rpm/rpmpgp.h     | 15 ++++++++++++
 rpmio/rpmkeyring.c       | 52 ++++++++++++++++++++++++++++++++++++++++
 rpmio/rpmpgp_sequoia.c   | 11 +++++++++
 4 files changed, 82 insertions(+)

diff --git a/include/rpm/rpmkeyring.h b/include/rpm/rpmkeyring.h
index 3d8d55773..c84292ff8 100644
--- a/include/rpm/rpmkeyring.h
+++ b/include/rpm/rpmkeyring.h
@@ -101,6 +101,10 @@ char * rpmPubkeyBase64(rpmPubkey key);
  */
 pgpDigParams rpmPubkeyPgpDigParams(rpmPubkey key);
 
+/* Obsolete APIs required by libdnf, do not use */
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig);
+pgpDig rpmPubkeyDig(rpmPubkey key);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h
index 675cbad73..f83642c18 100644
--- a/include/rpm/rpmpgp.h
+++ b/include/rpm/rpmpgp.h
@@ -1225,6 +1225,21 @@ int pgpSignatureType(pgpDigParams sig);
  */
 char *pgpIdentItem(pgpDigParams digp);
 
+/* Obsolete APIs required by libdnf, do not use */
+typedef struct pgpDig_s * pgpDig;
+
+RPM_GNUC_DEPRECATED
+pgpDig pgpNewDig(void);
+
+RPM_GNUC_DEPRECATED
+pgpDig pgpFreeDig(pgpDig dig);
+
+RPM_GNUC_DEPRECATED
+pgpDigParams pgpDigGetParams(pgpDig dig, unsigned int pkttype);
+
+RPM_GNUC_DEPRECATED
+int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c
index e3eb9e6ea..464163895 100644
--- a/rpmio/rpmkeyring.c
+++ b/rpmio/rpmkeyring.c
@@ -289,3 +289,55 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)
 
     return rc;
 }
+
+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig)
+{
+    pthread_rwlock_rdlock(&keyring->lock);
+
+    rpmRC res = RPMRC_NOKEY;
+    pgpDigParams sigp = pgpDigGetParams(sig, PGPTAG_SIGNATURE);
+    rpmPubkey key = findbySig(keyring, sigp);
+
+    if (key) {
+	/*
+ 	 * Callers expect sig to have the key data parsed into pgpDig
+ 	 * on (successful) return, sigh. No need to check for return
+ 	 * here as this is validated at rpmPubkeyNew() already.
+ 	 */
+	pgpPrtPkts(key->pkt, key->pktlen, sig, _print_pkts);
+	res = RPMRC_OK;
+    }
+
+    pthread_rwlock_unlock(&keyring->lock);
+    return res;
+}
+
+pgpDig rpmPubkeyDig(rpmPubkey key)
+{
+    pgpDig dig = NULL;
+    static unsigned char zeros[] = 
+	{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+    int rc;
+    if (key == NULL)
+	return NULL;
+
+    dig = pgpNewDig();
+
+    pthread_rwlock_rdlock(&key->lock);
+    rc = pgpPrtPkts(key->pkt, key->pktlen, dig, _print_pkts);
+    pthread_rwlock_unlock(&key->lock);
+
+    if (rc == 0) {
+	pgpDigParams pubp = pgpDigGetParams(dig, PGPTAG_PUBLIC_KEY);
+	if (!pubp || !memcmp(pgpDigParamsSignID(pubp), zeros, sizeof(zeros)) ||
+            pgpDigParamsCreationTime(pubp) == 0 ||
+            pgpDigParamsUserID(pubp) == NULL) {
+	    rc = -1;
+	}
+    }
+
+    if (rc)
+	dig = pgpFreeDig(dig);
+
+    return dig;
+}
diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c
index d0b673953..0c1c848dc 100644
--- a/rpmio/rpmpgp_sequoia.c
+++ b/rpmio/rpmpgp_sequoia.c
@@ -80,3 +80,14 @@ W(int, rpmDigestUpdate, (DIGEST_CTX ctx, const void * data, size_t len),
 W(int, rpmDigestFinal,
   (DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii),
   (ctx, datap, lenp, asAscii))
+
+// Minimal backport of APIs required by libdnf until dnf5 takes over
+W(int, pgpPrtPkts,
+  (const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing),
+  (pkts, pktlen, dig, printing))
+W(pgpDig, pgpNewDig, (void), ())
+W(pgpDig, pgpFreeDig, (pgpDig dig), (dig))
+W(pgpDigParams, pgpDigGetParams,
+  (pgpDig dig, unsigned int pkttype),
+  (dig, pkttype))
+
-- 
2.40.1
Rebase to the 4.19 alpha release (4.18.90) This uses the new cmake build scripts so several pieces of the package had to be adjusted. 2023-05-05 11:34:13 +00:00			`From 9a9514e665c30554a4d72c7c79475af315b83dc3 Mon Sep 17 00:00:00 2001`
			`Message-Id: <9a9514e665c30554a4d72c7c79475af315b83dc3.1683531413.git.pmatilai@redhat.com>`
			`From: Panu Matilainen <pmatilai@redhat.com>`
			`Date: Mon, 8 May 2023 09:26:46 +0300`
			`Subject: [PATCH] Forward-port obsoleted crypto needed by current libdnf`

			`Provide the minimum required bits to allow the old PackageKit-inherited`
			`signature in libdnf to work until the switch to dnf5 happens, allegedly`
			`during this release cycle.`
			`---`
			`include/rpm/rpmkeyring.h \| 4 ++++`
			`include/rpm/rpmpgp.h \| 15 ++++++++++++`
			`rpmio/rpmkeyring.c \| 52 ++++++++++++++++++++++++++++++++++++++++`
			`rpmio/rpmpgp_sequoia.c \| 11 +++++++++`
			`4 files changed, 82 insertions(+)`

			`diff --git a/include/rpm/rpmkeyring.h b/include/rpm/rpmkeyring.h`
			`index 3d8d55773..c84292ff8 100644`
			`--- a/include/rpm/rpmkeyring.h`
			`+++ b/include/rpm/rpmkeyring.h`
			`@@ -101,6 +101,10 @@ char * rpmPubkeyBase64(rpmPubkey key);`
			`*/`
			`pgpDigParams rpmPubkeyPgpDigParams(rpmPubkey key);`

			`+/* Obsolete APIs required by libdnf, do not use */`
			`+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig);`
			`+pgpDig rpmPubkeyDig(rpmPubkey key);`
			`+`
			`#ifdef __cplusplus`
			`}`
			`#endif`
			`diff --git a/include/rpm/rpmpgp.h b/include/rpm/rpmpgp.h`
			`index 675cbad73..f83642c18 100644`
			`--- a/include/rpm/rpmpgp.h`
			`+++ b/include/rpm/rpmpgp.h`
			`@@ -1225,6 +1225,21 @@ int pgpSignatureType(pgpDigParams sig);`
			`*/`
			`char *pgpIdentItem(pgpDigParams digp);`

			`+/* Obsolete APIs required by libdnf, do not use */`
			`+typedef struct pgpDig_s * pgpDig;`
			`+`
			`+RPM_GNUC_DEPRECATED`
			`+pgpDig pgpNewDig(void);`
			`+`
			`+RPM_GNUC_DEPRECATED`
			`+pgpDig pgpFreeDig(pgpDig dig);`
			`+`
			`+RPM_GNUC_DEPRECATED`
			`+pgpDigParams pgpDigGetParams(pgpDig dig, unsigned int pkttype);`
			`+`
			`+RPM_GNUC_DEPRECATED`
			`+int pgpPrtPkts(const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing);`
			`+`
			`#ifdef __cplusplus`
			`}`
			`#endif`
			`diff --git a/rpmio/rpmkeyring.c b/rpmio/rpmkeyring.c`
			`index e3eb9e6ea..464163895 100644`
			`--- a/rpmio/rpmkeyring.c`
			`+++ b/rpmio/rpmkeyring.c`
			`@@ -289,3 +289,55 @@ rpmRC rpmKeyringVerifySig(rpmKeyring keyring, pgpDigParams sig, DIGEST_CTX ctx)`

			`return rc;`
			`}`
			`+`
			`+rpmRC rpmKeyringLookup(rpmKeyring keyring, pgpDig sig)`
			`+{`
			`+ pthread_rwlock_rdlock(&keyring->lock);`
			`+`
			`+ rpmRC res = RPMRC_NOKEY;`
			`+ pgpDigParams sigp = pgpDigGetParams(sig, PGPTAG_SIGNATURE);`
			`+ rpmPubkey key = findbySig(keyring, sigp);`
			`+`
			`+ if (key) {`
			`+ /*`
			`+ * Callers expect sig to have the key data parsed into pgpDig`
			`+ * on (successful) return, sigh. No need to check for return`
			`+ * here as this is validated at rpmPubkeyNew() already.`
			`+ */`
			`+ pgpPrtPkts(key->pkt, key->pktlen, sig, _print_pkts);`
			`+ res = RPMRC_OK;`
			`+ }`
			`+`
			`+ pthread_rwlock_unlock(&keyring->lock);`
			`+ return res;`
			`+}`
			`+`
			`+pgpDig rpmPubkeyDig(rpmPubkey key)`
			`+{`
			`+ pgpDig dig = NULL;`
			`+ static unsigned char zeros[] =`
			`+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };`
			`+ int rc;`
			`+ if (key == NULL)`
			`+ return NULL;`
			`+`
			`+ dig = pgpNewDig();`
			`+`
			`+ pthread_rwlock_rdlock(&key->lock);`
			`+ rc = pgpPrtPkts(key->pkt, key->pktlen, dig, _print_pkts);`
			`+ pthread_rwlock_unlock(&key->lock);`
			`+`
			`+ if (rc == 0) {`
			`+ pgpDigParams pubp = pgpDigGetParams(dig, PGPTAG_PUBLIC_KEY);`
			`+ if (!pubp \|\| !memcmp(pgpDigParamsSignID(pubp), zeros, sizeof(zeros)) \|\|`
			`+ pgpDigParamsCreationTime(pubp) == 0 \|\|`
			`+ pgpDigParamsUserID(pubp) == NULL) {`
			`+ rc = -1;`
			`+ }`
			`+ }`
			`+`
			`+ if (rc)`
			`+ dig = pgpFreeDig(dig);`
			`+`
			`+ return dig;`
			`+}`
			`diff --git a/rpmio/rpmpgp_sequoia.c b/rpmio/rpmpgp_sequoia.c`
			`index d0b673953..0c1c848dc 100644`
			`--- a/rpmio/rpmpgp_sequoia.c`
			`+++ b/rpmio/rpmpgp_sequoia.c`
			`@@ -80,3 +80,14 @@ W(int, rpmDigestUpdate, (DIGEST_CTX ctx, const void * data, size_t len),`
			`W(int, rpmDigestFinal,`
			`(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii),`
			`(ctx, datap, lenp, asAscii))`
			`+`
			`+// Minimal backport of APIs required by libdnf until dnf5 takes over`
			`+W(int, pgpPrtPkts,`
			`+ (const uint8_t *pkts, size_t pktlen, pgpDig dig, int printing),`
			`+ (pkts, pktlen, dig, printing))`
			`+W(pgpDig, pgpNewDig, (void), ())`
			`+W(pgpDig, pgpFreeDig, (pgpDig dig), (dig))`
			`+W(pgpDigParams, pgpDigGetParams,`
			`+ (pgpDig dig, unsigned int pkttype),`
			`+ (dig, pkttype))`
			`+`
			`--`
			`2.40.1`